[Minor] AuthenicationRequestFilter and AuthenticationService changes
Now we check that the authorization header always exists except for the AuthenticationService.login
This commit is contained in:
parent
4f9cd72d68
commit
8d5d8b2c89
|
@ -71,16 +71,18 @@ public class AuthenticationService {
|
|||
try {
|
||||
|
||||
StringBuilder sb = new StringBuilder();
|
||||
if (StringHelper.isEmpty(login.getUsername())) {
|
||||
sb.append("Username was not given. "); //$NON-NLS-1$
|
||||
if (StringHelper.isEmpty(login.getUsername()) || login.getUsername().length() < 2) {
|
||||
sb.append("Username was not given or is too short!"); //$NON-NLS-1$
|
||||
}
|
||||
if (StringHelper.isEmpty(login.getPassword())) {
|
||||
sb.append("Password was not given."); //$NON-NLS-1$
|
||||
if (StringHelper.isEmpty(login.getPassword()) || login.getPassword().length() < 3) {
|
||||
if (sb.length() > 0)
|
||||
sb.append("\n");
|
||||
sb.append("Password was not given or was too short!"); //$NON-NLS-1$
|
||||
}
|
||||
|
||||
if (sb.length() != 0) {
|
||||
loginResult.setMsg(MessageFormat.format("Could not log in due to: {0}", sb.toString())); //$NON-NLS-1$
|
||||
return Response.status(Status.UNAUTHORIZED).entity(loginResult).build();
|
||||
return Response.status(Status.BAD_REQUEST).entity(loginResult).build();
|
||||
}
|
||||
|
||||
RestfulStrolchComponent restfulStrolchComponent = RestfulStrolchComponent.getInstance();
|
||||
|
@ -103,12 +105,14 @@ public class AuthenticationService {
|
|||
else
|
||||
loginResult.setPrivileges(allowList);
|
||||
|
||||
return Response.ok().entity(entity).build();
|
||||
return Response.ok().entity(entity)//
|
||||
.header(HttpHeaders.AUTHORIZATION, certificate.getAuthToken())//
|
||||
.build();
|
||||
|
||||
} catch (StrolchException e) {
|
||||
} catch (StrolchException | PrivilegeException e) {
|
||||
logger.error(e.getMessage(), e);
|
||||
loginResult.setMsg(MessageFormat.format("Could not log in due to: {0}", e.getMessage())); //$NON-NLS-1$
|
||||
return Response.status(Status.UNAUTHORIZED).entity(entity).build();
|
||||
return Response.status(Status.FORBIDDEN).entity(entity).build();
|
||||
} catch (Exception e) {
|
||||
logger.error(e.getMessage(), e);
|
||||
String msg = e.getMessage();
|
||||
|
|
|
@ -6,16 +6,19 @@ package li.strolch.rest.filters;
|
|||
import static li.strolch.rest.StrolchRestfulConstants.STROLCH_CERTIFICATE;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.List;
|
||||
|
||||
import javax.ws.rs.container.ContainerRequestContext;
|
||||
import javax.ws.rs.container.ContainerRequestFilter;
|
||||
import javax.ws.rs.core.HttpHeaders;
|
||||
import javax.ws.rs.core.MediaType;
|
||||
import javax.ws.rs.core.Response;
|
||||
import javax.ws.rs.ext.Provider;
|
||||
|
||||
import li.strolch.rest.RestfulStrolchComponent;
|
||||
import li.strolch.rest.StrolchSessionHandler;
|
||||
import ch.eitchnet.privilege.model.Certificate;
|
||||
import ch.eitchnet.utils.helper.StringHelper;
|
||||
|
||||
/**
|
||||
* @author Reto Breitenmoser <reto.breitenmoser@4trees.ch>
|
||||
|
@ -26,17 +29,29 @@ public class AuthenicationRequestFilter implements ContainerRequestFilter {
|
|||
|
||||
@Override
|
||||
public void filter(ContainerRequestContext requestContext) throws IOException {
|
||||
|
||||
List<String> matchedURIs = requestContext.getUriInfo().getMatchedURIs();
|
||||
|
||||
// we allow unauthorized access to the authentication service
|
||||
if (matchedURIs.contains("strolch/authentication")) {
|
||||
return;
|
||||
}
|
||||
|
||||
String sessionId = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);
|
||||
if (sessionId != null) {
|
||||
try {
|
||||
StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getComponent(
|
||||
StrolchSessionHandler.class);
|
||||
Certificate certificate = sessionHandler.validate(sessionId);
|
||||
requestContext.setProperty(STROLCH_CERTIFICATE, certificate);
|
||||
} catch (Exception e) {
|
||||
requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED)
|
||||
.entity("User cannot access the resource.").build()); //$NON-NLS-1$
|
||||
}
|
||||
if (StringHelper.isEmpty(sessionId)) {
|
||||
requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED)
|
||||
.header(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN).entity("Missing Authorization!").build()); //$NON-NLS-1$
|
||||
}
|
||||
|
||||
try {
|
||||
StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getComponent(
|
||||
StrolchSessionHandler.class);
|
||||
Certificate certificate = sessionHandler.validate(sessionId);
|
||||
requestContext.setProperty(STROLCH_CERTIFICATE, certificate);
|
||||
} catch (Exception e) {
|
||||
requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED)
|
||||
.header(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN)
|
||||
.entity("User cannot access the resource.").build()); //$NON-NLS-1$
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue